Idan Aviv - 1 month ago 15
iOS Question

Firebase logout all accounts when user changes password

How do I make Firebase log out from all accounts when the user changes their password?

So if a user has 2 devices that are connected to the same account, and one device changes the password of the account, the other device will disconnect. The idea behind it is that if a user's account is hacked, they can change their password and disconnect the hacker from their account.

Answer

You have to log out and log in regularly to check if the credentials saved on the device are still valid. Depending on your security needs, you have to decide how often you do this. The most restrictive way would be before every Firebase call; the least restrictive would be when your app becomes active. I would:

  • introduce a last password check Date entry in UserDefaults
  • introduce a timeout constant (5 minutes)
  • save Date() when logging in
  • write a wrapper around calls that compares the time interval between now and the last password check with the timeout
  • if time interval > timeout, re-login
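
The wrapper outlined in the answer above, as an added example that is not part of the original answer. `PasswordCheckGate`, the UserDefaults key and the injected `reLogin` closure are hypothetical names; the closure stands in for whatever sign-in call the app makes against Firebase with its saved credentials.

```swift
import Foundation

/// Gate for backend calls: forces a re-login when the last successful
/// credential check is older than `timeout`.
final class PasswordCheckGate {
    /// Assumption: the app supplies its own sign-in here and reports success.
    typealias ReLogin = (@escaping (Bool) -> Void) -> Void

    private let defaults: UserDefaults
    private let timeout: TimeInterval
    private let reLogin: ReLogin
    private let key = "lastPasswordCheck" // hypothetical UserDefaults key

    init(defaults: UserDefaults = .standard,
         timeout: TimeInterval = 5 * 60,
         reLogin: @escaping ReLogin) {
        self.defaults = defaults
        self.timeout = timeout
        self.reLogin = reLogin
    }

    /// Call after every successful login.
    func markChecked(at date: Date = Date()) {
        defaults.set(date, forKey: key)
    }

    /// True when no check is recorded, the record is older than the timeout,
    /// or the device clock has moved backwards past the record.
    func needsCheck(now: Date = Date()) -> Bool {
        guard let last = defaults.object(forKey: key) as? Date else { return true }
        let age = now.timeIntervalSince(last)
        return age < 0 || age > timeout
    }

    /// Wrapper around a backend call: `call` runs only behind a fresh check.
    /// A failed re-login clears the record and hands control to `onRejected`.
    func perform(_ call: @escaping () -> Void, onRejected: @escaping () -> Void) {
        guard needsCheck() else { call(); return }
        reLogin { ok in
            if ok {
                self.markChecked()
                call()
            } else {
                self.defaults.removeObject(forKey: self.key)
                onRejected()
            }
        }
    }
}
```

With the 5-minute timeout, a device still holding the old password keeps working for up to 5 minutes after the change; `onRejected` is where the app would sign out locally and return to its login screen.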